On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
References
Link | Resource |
---|---|
https://github.com/golang/go/issues/18141 | Issue Tracking Third Party Advisory |
https://go-review.googlesource.com/c/33721/ | Broken Link |
https://groups.google.com/forum/#%21msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ |
Configurations
History
07 Nov 2023, 02:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 Aug 2022, 13:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:golang:go:1.6.3:*:*:*:*:*:*:* |
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* |
References | (CONFIRM) https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ - Mailing List, Third Party Advisory |
Information
Published : 2017-10-05 01:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-1000097
Mitre link : CVE-2017-1000097
CVE.ORG link : CVE-2017-1000097
JSON object : View
Products Affected
golang
- go
CWE
CWE-295
Improper Certificate Validation